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IN THE CLAIMS 
Please amend the claims as follows: 
1-34. (Canceled) 

35. (Currently Amended) A session management apparatus that can connect to a first 
apparatus and a second apparatus over a network, the first apparatus and the second apparatus 
exchanging Session Initiation Protocol (SIP) messages via the sessi on management apparatus 
to establish a connection, the session management apparatus comprising: 

a part configured to perform for performing mutual authentication with the first 
apparatus to establish a first encrypted communication channel between the session 
management apparatus and the first apparatus, and to store s toring a name of the first 
apparatus and identification information of the first encrypted communication channel in a 
storage device^ wherein the name of the first apparatus is obtained from a REGISTER 
message sent bv the first apparatus, and the name of the first apparatus and the identification 
information are associated with each other; 

a part configured to establish for es tabli s hing a second encrypted communication 
channel between the session management apparatus and the second apparatus based on 
mutual authentication with the second apparatus; 

a part configured to receive an INVITE for rec e iving a message including a name of 
the first apparatus via the first encrypted communication channel; 

a part configured to determine for det e rmining whether the name included in the 
INVITE message is correct by comparing the name included in the INVITE message with the 
name, obtained from the REGISTER message, that is stored in the storage device and that is 
associated with the identification information of the first encrypted communication channel; 
and 



2 



Application No. 10/578,177 

Reply to Office Action of October 15, 2010 

a part configured to send the INVITE for s e nding the message to the second apparatus 
via the second encrypted communication channel. 

36. (Currently Amended) The session management apparatus as claimed in claim 35, 
wherein, if the session management apparatus determines that the name of the first apparatus 
included in the INVITE message is not correct, the session management apparatus sends an 
error message to the first apparatus. 

37. (Currently Amended) A session management apparatus that can connect to a first 
apparatus and a second apparatus over a network, the first apparatus and the second apparatus 
exchanging Session Initiation Protocol (SIP) messages via the sessi on management apparatus 
to establish a connection, the session management apparatus comprising: 

a part configured to perform for p e rforming mutual authentication with the first 
apparatus to establish a first encrypted communication channel between the session 
management apparatus and the first apparatus; 

a part configured to establish for e stablishing a second encrypted communication 
channel between the session management apparatus and the second apparatus based on 
mutual authentication with the second apparatus; 

a part configured to receive for r e c e iving , from the first apparatus via the first 
encrypted communication channel, an INVITE [[a]] message including a first header 
indicating reliability of a route between the first apparatus and the session management 
apparatus; and 

a part configured to add for adding a second header indicating reliability of a route 
between the session management apparatus and the second apparatus to the INVITE 
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message, and to send s e nding the INVITE message to the second apparatus via the second 
encrypted communication channel, 

wherein, when the session management apparatus receives, from another session 
management apparatus, an INVITE message to which headers indicating reliability of routes 
are added, the session management apparatus adds an additional header in dicating reliability 
of a route between the session management apparatus and a next apparatus to the INVITE 
message, and sends the INVITE message to the next apparatus . 

38. (Original) The session management apparatus as claimed in claim 37, wherein 
the first header includes an address of the first apparatus, and in response to receiving the first 
header, the session management apparatus determines validity of the first header by 
comparing an address included in the first header and an address of the first apparatus. 

39. (Canceled) 

40. (Currently Amended) A method for transferring a message among a first 
apparatus, a session management apparatus and a second apparatus each connected to a 
network, the first apparatus and the second apparatus exchanging Session Initiation Protoc ol 
(SIP) messages via the session management apparatus to establish a connection, wherein: 

the session management apparatus and the first apparatus perform mutual 
authentication to establish a first encrypted communication channel between the session 
management apparatus and the first apparatus, and the session management apparatus stores a 
name of the first apparatus and identification information of the first encrypted 
communication channel in a storage device, wherein the name of the first apparatus is 



4 



Application No. 10/578,177 

Reply to Office Action of October 15, 2010 

obtained from a REGISTER message sent by the first apparatus, and the name of the first 
apparatus and the identification information are associated with each other; 

the session management apparatus and the second apparatus performs mutual 
communication to establish a second encrypted communication channel between the session 
management apparatus and the second apparatus; 

the first apparatus sends [[a]] an INVITE message including a name of the first 
apparatus via the first encrypted communication channel to the session management 
apparatus; 

the session management apparatus determines whether the name included in the 
INVITE message is correct by comparing the name included in the INVITE message with the 
name , obtained from the REGISTER message, that is stored in the storage device and that is 
associated with the identification information of the first encrypted communication channel; 
and 

the session management apparatus sends the INVITE message to the second apparatus 
via the second encrypted communication channel. 

41. (Currently Amended) A method for transferring a message among a first 
apparatus, a session management apparatus and a second apparatus each connected to a 
network, the first apparatus and the second apparatus exchanging Session Initiation Protocol 
(SIP) messages via the session management apparatus to establish a connection, wherein: 

the session management apparatus and the first apparatus perform mutual 
authentication to establish a first encrypted communication channel between the session 
management apparatus and the first apparatus; 
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the session management apparatus and the second apparatus perform mutual 
communication to establish a second encrypted communication channel between the session 
management apparatus and the second apparatus; 

the first apparatus sends, to the session management apparatus via the first encrypted 
communication channel, [[a]] an INVITE message including a first header indicating 
reliability of a route between the first apparatus and the session management apparatus; and 

the session management apparatus adds a second header indicating reliability of a 
route between the session management apparatus and the second apparatus to the INVITE 
message, and sends the INVITE message to the second apparatus via the second encrypted 
communication channel 

wherein, when the session management apparatus receives, from another session 
management apparatus, an INVITE message to which headers indicating reliability of routes 
are added, the session management apparatus adds an additional header indicating reliability 
of a route between the session management apparatus and a next apparatus to the INVITE 
message, and sends the INVITE message to the next apparatus . 

42. (Currently Amended) A non-transitory computer-readable medium including a 
computer program, which when executed by a computer causes the computer to function as a 
session management apparatus that can connect to a first apparatus and a second apparatus 
over a network, the first apparatus and the second apparatus exchanging Session Initiation 
Protocol (SIP) messages via the session management apparatus to establish a connection, the 
computer program comprising: 

program code for performing mutual authentication with the first apparatus to 
establish a first encrypted communication channel between the session management 
apparatus and the first apparatus, and storing a name of the first apparatus and identification 
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information of the first encrypted communication channel in a storage device,, wherein the 
name of the first apparatus is obtained from a REGISTER message sent by the first apparatus, 
and the name of the first apparatus and the identification information are associated with each 
other; 

program code for establishing a second encrypted communication channel between 
the session management apparatus and the second apparatus based on mutual authentication 
with the second apparatus; 

program code for receiving [[a]] an invite message including a name of the first 
apparatus via the first encrypted communication channel; 

program code for determining whether the name included in the INVITE message is 
correct by comparing the name included in the INVITE message with the name , obtained 
from the REGISTER message, that is stored in the storage device and that is associated with 
the identification information of the first encrypted communication channel; and 

program code for sending the INVITE message to the second apparatus via the second 
encrypted communication channel. 

43. (Currently Amended) A non-transitory computer-readable medium including a 
computer program, which when executed by a computer causes the computer to function as a 
session management apparatus that can connect to a first apparatus and a second apparatus 
over a network, the first apparatus and the second apparatus exchanging Session Initiation 
Protocol (SIP) messages via the session management apparatus to establish a connection, the 
computer program comprising: 

program code for performing mutual authentication with the first apparatus to 
establish a first encrypted communication channel between the session management 
apparatus and the first apparatus; 
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program code for establishing a second encrypted communication channel between 
the session management apparatus and the second apparatus based on mutual authentication 
with the second apparatus; 

program code for receiving, from the first apparatus via the first encrypted 
communication channel, [[a]] an INVITE message including a first header indicating 
reliability of a route between the first apparatus and the session management apparatus; 
[[and]] 

program code for adding a second header indicating reliability of a route between the 
session management apparatus and the second apparatus to the INVITE message, and 
sending the INVITE message to the second apparatus via the second encrypted 
communication channel ; and 

program code for, when the session management apparatus receives, from another 
session management apparatus, an INVITE message to which head ers indicating reliability of 
routes are added, adding an additional header indicating reliability of a route between the 
session management apparatus and a next apparatus to the INVITE message, and sending the 
INVITE message to the next apparatus . 

44. (Previously Presented) A method for establishing an encrypted communication 
channel between a first apparatus and a second apparatus, and performing communication 
between the second apparatus and a third apparatus using the encrypted communication 
channel, comprising: 

a first step of exchanging key information for encrypted communication and 
performing mutual authentication between a session management apparatus and the second 
apparatus so as to establish a second encrypted communication channel between the session 
management apparatus and the second apparatus; 
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a second step in which the first apparatus is accessed by the third apparatus; 

a third step of exchanging key information for encrypted communication and 
performing mutual authentication between the session management apparatus and the first 
apparatus so as to establish a first encrypted communication channel between the session 
management apparatus and the first apparatus; 

a fourth step in which the first apparatus sends, to the session management apparatus 
via the first encrypted communication channel, a connection request message destined for the 
second apparatus including key information used for encrypted communication between the 
first apparatus and the second apparatus, and the session management apparatus sends the 
connection request message to the second apparatus via the second encrypted communication 
channel; 

a fifth step in which the second apparatus sends, to the session management apparatus 
via the second encrypted communication channel, a response message including key 
information used for encrypted communication between the first apparatus and the second 
apparatus in response to receiving the connection request message, and the session 
management apparatus sends the response message to the first apparatus via the first 
encrypted communication channel; 

a sixth step in which the. first apparatus receives data from the second apparatus via 
the encrypted communication channel established between the first apparatus and the second 
apparatus, and sends the data to the third apparatus, 

wherein the first apparatus is provided with a table including at least one connection 
destination permitted for the third apparatus, and the first apparatus sends information of the 
at least one connection destination to the third apparatus in response to receiving access from 
the third apparatus, and receives a connection destination from the third apparatus so as to 
send the connection request message destined for the second apparatus to the session 
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management apparatus in the fourth step based on the connection destination received from 
the third apparatus. 

45. (Previously Presented) A method for establishing an encrypted communication 
channel between a first apparatus and a second apparatus, and performing communication 
between the second apparatus and a third apparatus using the encrypted communication 
channel, comprising: 

a first step of exchanging key information for encrypted communication and 
performing mutual authentication between a session management apparatus and the first 
apparatus so as to establish a first encrypted communication channel between the session 
management apparatus and the first apparatus; 

a second step of exchanging key information for encrypted communication and 
performing mutual authentication between the session management apparatus and the second 
apparatus so as to establish a second encrypted communication channel between the session 
management apparatus and the second apparatus; 

a third step in which the first apparatus is accessed by the third apparatus; 

a fourth step in which the first apparatus sends, to the session management apparatus 
via the first encrypted communication channel, a connection request message destined for the 
second apparatus including key information used for encrypted communication between the 
first apparatus and the second apparatus, and the session management apparatus sends the 
connection request message to the second apparatus via the second encrypted communication 
channel; 

a fifth step in which the second apparatus sends, to the session management apparatus 
via the second encrypted communication channel, a response message including key 
information used for encrypted communication between the first apparatus and the second 
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apparatus in response to receiving the connection request message, and the session 
management apparatus sends the response message the first apparatus via the first encrypted 
communication channel; 

a sixth step in which the first apparatus receives data from the second apparatus via 
the encrypted communication channel established between the first apparatus and the second 
apparatus, and sends the data to the third apparatus, 

wherein the first apparatus is provided with a table including at least one connection 
destination permitted for the third apparatus, and the first apparatus sends information of the 
at least one connection destination to the third apparatus in response to receiving access from 
the third apparatus, and receives a connection destination from the third apparatus so as to 
send the connection request message destined for the second apparatus to the session 
management apparatus in the fourth step based on the connection destination received from 
the third apparatus. 

46. (Previously Presented) The method as claimed in claim 44, wherein the session 
management apparatus has information for determining whether connection is permitted 
between apparatuses, 

when the session management apparatus receives a connection request message 
destined for an apparatus of a connection request destination from an apparatus of a 
connection request source, the session management apparatus determines whether connection 
between the apparatus of the connection request destination and the apparatus of the 
connection request source is permitted by referring to the information, and 

if the connection is permitted, the session management apparatus sends the connection 
request message to the apparatus of the connection request destination, and if the connection 
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is not permitted, the session management apparatus rejects the connection without sending 
the connection request message to the apparatus of the connection request destination. 

47. (Previously Presented) The method as claimed in claim 45, wherein the session 
management apparatus has information for determining whether connection is permitted 
between apparatuses, 

when the session management apparatus receives a connection request message 
destined for an apparatus of a connection request destination from an apparatus of a 
connection request source, the session management apparatus determines whether connection 
between the apparatus of the connection request destination and the apparatus of the 
connection request source is permitted by referring to the information, and 

if the connection is permitted, the session management apparatus sends the connection 
request message to the apparatus of the connection request destination, and if the connection 
is not permitted, the session management apparatus rejects the connection without sending 
the connection request message to the apparatus of the connection request destination. 

48. (Previously Presented) An apparatus that establishes an encrypted 
communication channel to a second apparatus by using a session management apparatus, the 
apparatus comprising: 

a first part configured to exchange key information for encrypted communication with 
the session management apparatus, perform mutual authentication with the session 
management apparatus so as to establish an encrypted communication channel between the 
apparatus and the session management apparatus; 

a second part configured to send, to the session management apparatus via the 
encrypted communication channel, a connection request message including key information 
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for encrypted communication between the apparatus and the second apparatus, and receive, 
from the second apparatus via the session management apparatus, a response message 
including key information for encrypted communication between the apparatus and the 
second apparatus so as to establish an encrypted communication channel between the 
apparatus and the second apparatus; 

a part configured to perform, after being accessed by a third apparatus, processing by 
the first part for establishing the encrypted communication channel between the apparatus 
and the session management apparatus, and processing by the second part for establishing the 
encrypted communication channel between the apparatus and the second apparatus, and 
receive data from the second apparatus via the encrypted communication channel established 
between the apparatus and the second apparatus, and send the data to the third apparatus; 

a table including at least one connection destination permitted for the third apparatus; 

and 

a part configured to send information of the at least one connection destination to the 
third apparatus in response to receiving access from the third apparatus, and receive a 
connection destination from the third apparatus, 

wherein the second part sends the connection request message destined for the second 
apparatus to the session management apparatus based on the connection destination received 
from the third apparatus. 

49. (Previously Presented) An apparatus that establishes an encrypted 
communication channel to a second apparatus by using a session management apparatus, the 
apparatus comprising: 

a first part configured to exchange key information for encrypted communication with 
the session management apparatus, perform mutual authentication with the session 
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management apparatus so as to establish an encrypted communication channel between the 
apparatus and the session management apparatus; 

a second part configured to send, to the session management apparatus via the 
encrypted communication channel, a connection request message including key information 
for encrypted communication between the apparatus and the second apparatus, and receive, 
from the second apparatus via the session management apparatus, a response message 
including key information for encrypted communication between the apparatus and the 
second apparatus so as to establish an encrypted communication channel between the 
apparatus and the second apparatus; 

a part configured to perform, after being accessed by a third apparatus, processing by 
the second part for establishing the encrypted communication channel between the apparatus 
and the second apparatus, and receive data from the second apparatus via the encrypted 
communication channel established between the apparatus and the second apparatus, and 
send the data to the third apparatus; 

a table including at least one connection destination permitted for the third apparatus; 

and 

a part configured to send information of the at least one connection destination to the 
third apparatus in response to receiving access from the third apparatus, and receive a 
connection destination from the third apparatus, 

wherein the second part sends the connection request message destined for the second 
apparatus to the session management apparatus based on the connection destination received 
from the third apparatus. 

50. (Previously Presented) A non-transitory computer-readable medium including 
computer program instructions, which when executed by an apparatus, cause the apparatus to 
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perform a method of establishing an encrypted communication channel to a second apparatus 
by using a session management apparatus, the method comprising: 

exchanging key information for encrypted communication with the session 
management apparatus; 

performing mutual authentication with the session management apparatus so as to 
establish an encrypted communication channel between the apparatus and the session 
management apparatus; 

sending, to the session management apparatus via the encrypted communication 
channel, a connection request message including key information for encrypted 
communication between the apparatus and the second apparatus; 

receiving, from the second apparatus via the session management apparatus, a 
response message including key information for encrypted communication between the 
apparatus and the second apparatus so as to establish an encrypted communication channel 
between the apparatus and the second apparatus; 

establishing, after being accessed by a third apparatus, the encrypted communication 
channel between the apparatus and the session management apparatus; 

establishing the encrypted communication channel between the apparatus and the 
second apparatus; 

receiving data from the second apparatus via the encrypted communication channel 
established between the apparatus and the second apparatus; 
sending the data to the third apparatus; 

storing at least one connection destination permitted for the third apparatus; 
sending information of the at least one connection destination to the third apparatus in 
response to receiving access from the third apparatus; 

receiving a connection destination from the third apparatus; and 
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sending the connection request message destined for the second apparatus to the 

session management apparatus based on the connection destination received from the third 

apparatus. 

5 1 . (Previously Presented) A non-transitory computer-readable medium including 
computer program instructions, which when executed by an apparatus, cause the apparatus to 
perform a method of establishing an encrypted communication channel to a second apparatus 
by using a session management apparatus, the method comprising: 

exchanging key information for encrypted communication with the session 
management apparatus; 

performing mutual authentication with the session management apparatus so as to 
establish an encrypted communication channel between the apparatus and the session 
management apparatus; 

sending, to the session management apparatus via the encrypted communication 
channel, a connection request message including key information for encrypted 
communication between the apparatus and the second apparatus; 

receiving, from the second apparatus via the session management apparatus, a 
response message including key information for encrypted communication between the 
apparatus and the second apparatus to establish an encrypted communication channel 
between the apparatus and the second apparatus; 

establishing the encrypted communication channel between the apparatus and the 
second apparatus; 

receiving data from the second apparatus via the encrypted communication channel 
established between the apparatus and the second apparatus; 
sending the data to the third apparatus; 
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storing at least one connection destination permitted for the third apparatus; 

sending information of the at least one connection destination to the third apparatus in 
response to receiving access from the third apparatus; 

receiving a connection destination from the third apparatus; and 

sending the connection request message destined for the second apparatus to the 
session management apparatus based on the connection destination received from the third 
apparatus. 
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